I have done extensive searching on Google and EE, and have implemented the recommended changes (as above).
Still reporting an open relay and I can see that I am relaying a great deal of email not from my server.
I do not want to help spammers, and I know I am now! At the moment I keep on adding the IPs of people using the server for spam to my blocked list. This takes a lot of work and is not the answer...

I should put all 120 or so workstations and servers that use the Exchange server into the list individually, and the ISP of both our send mail and the one that forwards the email? I am more than willing to give it a try. I will then restart SMTP.
Thanks for your quick response.
I will try this now.

Hi Munichpostman,
I removed my subnet from the list and added the individual hosts in my organization that need the relay and restarted the SMTP service. When I tested the relay I am sorry to say that it was still open. I agree with you that it should work.
Regards, Ynaught

Hi Munichpostman
I am reviewing the last article that you posted and will get back to you with the results. To clarify, our MX records (in the DNS of our ISP) point to the IP of our Exchange server that is behind our firewall (we use NAT, not DMZ). I have the firewall forward port 25 to the NAT address of our Exchange server. From what I understand, the mail never hits our ISP; they only serve to respond to DNS requests.
Thanks again for all your help.

A well-configured mail server should NOT relay third-party email.
Otherwise, the server is subject to abuse by vandals and spammers,
and probable blacklisting by recipients of the unwanted third-party
e-mail.

It is still not clear from the above that your system is open to relay.

One question I forgot to ask you. If you open Exchange System Manager, go to Recipients, Recipient Policies, you should have a recipient policy for your domain.

I suggest that you do the following:

Use Telnet to connect to your Exchange system.
Try to send a test mail from test@disney.com
to youraccount@hotmail.com (your ISP email address).
If the mail arrives at your ISP account, your system is open to relay;
if not, the mails will NDR from your Exchange system and will not be relayed.
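
The Telnet test suggested above, as an added example that is not part of the original thread: it reads the server's reply to `RCPT TO` for an outside recipient, either from a saved Telnet session or over a live connection to your own server that stops before `DATA`. The function names, the `relaytest.invalid` HELO name, and the sample transcript are assumptions constructed for illustration; an accepted recipient is only a first indication, and the deciding check remains whether the mail arrives, as the post says.

```python
import re
import smtplib

def classify_rcpt(code):
    """Verdict for the reply to RCPT TO naming a recipient outside your domains."""
    if 200 <= code < 300:
        return "accepted"  # outside recipient taken: possible relay, confirm by delivery
    if 400 <= code < 500:
        return "deferred"  # temporary failure: retest later
    if 500 <= code < 600:
        return "refused"   # e.g. 550 5.7.1 Unable to relay
    return "unknown"

def verdict_from_transcript(text):
    """Find the server reply that follows RCPT TO in a saved Telnet session."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    for i, line in enumerate(lines):
        if line.upper().startswith("RCPT TO:"):
            for reply in lines[i + 1:]:
                m = re.match(r"(\d{3})([ -]|$)", reply)
                if not m:
                    break  # next client command reached, no reply captured
                if m.group(2) != "-":  # skip "250-" continuation lines
                    return classify_rcpt(int(m.group(1)))
    return "unknown"

def probe_relay(host, mail_from, rcpt_to, port=25, timeout=15):
    """Same check over a live connection to your own server; no message is sent."""
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo("relaytest.invalid")
        code, msg = smtp.mail(mail_from)
        if code == 250:  # a refused sender is reported with its own code
            code, msg = smtp.rcpt(rcpt_to)
        smtp.rset()
        return classify_rcpt(code), code, msg.decode(errors="replace")

# Constructed transcript of a server that refuses to relay (not from the thread).
SAMPLE = """\
220 mail.example.test ESMTP ready
HELO relaytest.invalid
250 mail.example.test Hello [192.0.2.10]
MAIL FROM:<test@disney.com>
250 2.1.0 test@disney.com....Sender OK
RCPT TO:<youraccount@hotmail.com>
550 5.7.1 Unable to relay for youraccount@hotmail.com
QUIT
"""

if __name__ == "__main__":
    print(verdict_from_transcript(SAMPLE))
```

Run the live probe from a host outside your network, since connections from internal addresses may be on the server's allowed-relay list and would hide the problem.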
